Here are some Statutory Instruments which show that the benighted National Identity Register and Scheme is creeping ahead slowly, presumably starting to come into force for the airside workers at Manchester and City of London airports after the 20th October 2009:
- SI 2009 No. 2565 -The Identity Cards Act 2006 (Commencement No. 4) Order 2009
- SI 2009 No. 2570 - The Identity Cards Act 2006 (Information and Code of Practice on Penalties) Order 2009 - Coming into force: 24th September 2009
- SI 2009 No. 2571 - The Identity Cards Act 2006 (Civil Penalties) Regulations 2009 - Coming into force 20th October 2009
- SI 2009 No. 2572 -The Identity Cards Act 2006 (Entitlement to be Registered) Regulations 2009 - Coming into force: 20th October 2009
- SI 2009 No. 2574 -The Identity Cards Act 2006 (National Identity Registration Number) Regulations 2009 - Coming into force: 20th October 2009
- SI 2009 No. 2575 -The Identity Cards Act 2006 (Provision of Information with Consent) Regulations 2009 - Coming into force: 20th October 2009
Do the Thales Group and 3M Company directors, employees and sub-contractors realise that they face up to 10 years in prison and / or an unlimited fine for any hardware, software or configuration errors or mistakes (even temporary ones) ,or any industrial action such as going on strike ?
(2) A National Identity Registration Number shall provide no information in respect of a person other than that an entry in the Register has been made and that the entry has been given that number.
(3) The process by which a National Identity Registration Number is given to an entry in the Register shall have no regard to any other reference number or code assigned to the person in respect of whom the entry has been made.
Note the wording "...shall provide no information in respect of a person other than..." and "...no regard to any other reference number or code assigned to the person.."
Will this force the NIRN to be properly random, using well established cryptographic hash techniques?
Or will the Home Office repeat the disaster of the having number series sequences grouped around the date of issue, which provided a way into breaking the on on-chip encryption of say the first version of the United Kingdom Biometric Passport, allowing it to be read remotely and to be be cloned
See the Wikipedia article section on Biometric Passport Attacks
There cannot be a simple counter which is incremented sequentially as each new ID Card is issued , and there must be no Office Location prefixes or series which distinguish say the Manchester Airport numbers from the London City Airport Numbers etc.
SI 2009 No. 2565 -The Identity Cards Act 2006 (Commencement No. 4) Order 2009 hints indirectly at a couple of the companies who are helping to build the wretched National Identity Register, and whose products and services you might wish to think twice about buying:
SCHEDULE Article 2(4)(b)
Addresses of premises where a British citizen or EEA national is working under a contract for services for the Identity and Passport Service
1. Gorse Street, Chadderton, Oldham, Lancashire OL9 9QH.
This seems to be
3M Security Printing & Systems Ltd.
Registration Number: 3658741
The 3M Company is a United States conglomerate.
2. Dolphin House, Ashurst Drive, Bird Hall Lane, Cheadle Heath, Stockport, Cheshire SK3 0XB.
3. Poseidon House, Ashurst Drive, Bird Hall Lane, Cheadle Heath, Stockport, Cheshire SK3 0XB.
These seem to be French owned Thales Group defence contractor premises, e.g. Thales Underwater Systems Ltd, but presumably some Thales Information Systems Security people involved in the Manchester Airport and London City Airport National Identity Register and ID Card scheme roll out are based there.
Thales Information Systems Security
United Kingdom offices:
Thales e-Security Ltd.
Meadow View House
Tel: + 44 (0)1844 201800
Hants, RG21 4HJ
Thales e-Security Ltd.
Tel: + 44 (0)1844 201800
Thales UK Ltd.
Wookey Hole Road
Tel: +44 (0)1749 682081
Tel: +44 (0)1223 723600
We wonder if the people working for these companies realise that the badly draughted Identity Cards Act 2006 section 29 Tampering with the Register makes them criminally liable, with a penalty of up to 10 years in prison and / or an unlimited fine, for the slightest error in hardware or software or configuration, i.e. any "conduct"
where it makes it more difficult or impossible for such information to be retrieved in a legible form from a computer on which it is stored by the Secretary of State, or contributes to making that more difficult or impossible.
* "conduct" includes acts and omissions; and
* "modification" includes a temporary modification.
It also applies to non UK citizens, and to conduct outside of the United Kingdom i.e. the whole universe.
These criminal penalties trump any of the Terms and Conditions in the small print of any (civil law) Contract signed by these companies with the Home Office
No less a legal authority than Baroness Scotland of Asthal, who is now the Attorney General (mired in scandal by her own illegal worker documentation legislation and also over second home expenses claims) , confirmed, when she was the Home Office Minister steering the Identity Cards Bill 2005 through the House of Lords, that the wording of this clause (which has passed unchanged into law under the Identity Cards Act 2006), would make it illegal for Trades Unionists and others working on the the National Identity Register / Scheme systems, from taking any "industrial action" such as going on strike.